Allow auth.get_user() method to be called multiple times.

The `ImportModuleAPI` calls the `auth.get_user()` which auths the
user using Kerberos. The `ImportModuleAPI` later calls `SCMHandler`
which in its `__init__` method calls the `auth.get_user()` again.
This leads to a traceback in GSSAPI, because the user is already
authed.

This commit fixes this by caching the auth results in `flask.g`,
which is reset after each request based on the Note in
http://flask.pocoo.org/docs/1.0/appcontext/#storing-data.

This commit also marks mutual auth as OPTIONAL in `mbs-cli`,
because MBS server currently does not do mutual auth.
Jan Kaluza
2019-03-07 09:37:14 +01:00
parent ac0bd8ceb8
commit c5a9a1b8af
3 changed files with 32 additions and 14 deletions

@@ -34,7 +34,7 @@ import sys
import openidc_client
import requests.exceptions
from six.moves import urllib_parse
from requests_kerberos import HTTPKerberosAuth
import requests_kerberos
env_config = {
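Review bot: Replacing `from requests_kerberos import HTTPKerberosAuth` with `import requests_kerberos` in the import block removes the bare `HTTPKerberosAuth` name from module scope, so any call site not converted to `requests_kerberos.HTTPKerberosAuth` would raise NameError only when the Kerberos branch runs. Please confirm there are no other references in this file beyond the one updated in the next hunk.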
@@ -160,7 +160,9 @@ class MBSCli(object):
if self._auth_mech == AuthMech.OpenIDC:
headers['Authorization'] = 'Bearer {0}'.format(self._openidc_token)
elif self._auth_mech == AuthMech.Kerberos:
request_data['auth'] = HTTPKerberosAuth()
# MBS server does not support mutual auth, so make it optional.
request_data['auth'] = requests_kerberos.HTTPKerberosAuth(
mutual_authentication=requests_kerberos.OPTIONAL)
if headers:
request_data['headers'] = headers
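Review bot: The `mutual_authentication=requests_kerberos.OPTIONAL` argument in the `AuthMech.Kerberos` branch is hard-coded, so the client stops requiring proof of the server's identity for every MBS server it talks to, not just the ones that cannot do mutual auth. requests_kerberos defaults to REQUIRED; with OPTIONAL a response that carries no mutual-auth token is accepted, which leaves TLS certificate validation as the only check that the client is talking to the real server. Suggest reading the level from configuration (for example via `env_config`) with REQUIRED as the default, or at minimum extending the comment to say this is temporary until the server supports mutual auth and that the request must go over HTTPS with certificate verification enabled.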